-
-
Save directhex/728af6f96d1b8c976659 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs | |
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs 2009-09-25 15:59:06.000000000 +0100 | |
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs 2015-03-06 15:27:39.106561719 +0000 | |
@@ -60,14 +60,14 @@ | |
scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8); | |
// Supported exportable ciphers | |
- scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0); | |
- scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8); | |
- scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8); | |
- scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); | |
- scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8); | |
+ // scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0); | |
+ // scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8); | |
+ // scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8); | |
+ // scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); | |
+ // scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8); | |
// 56 bits but we use 64 bits because of parity (DES is really 56 bits) | |
- scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); | |
- scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); | |
+ // scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); | |
+ // scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); | |
// Default CipherSuite | |
// scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0); | |
@@ -138,14 +138,14 @@ | |
scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8); | |
// Supported exportable ciphers | |
- scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0); | |
- scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8); | |
- scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8); | |
- scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); | |
- scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8); | |
+ // scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0); | |
+ // scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8); | |
+ // scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8); | |
+ // scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); | |
+ // scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8); | |
// 56 bits but we use 64 bits because of parity (DES is really 56 bits) | |
- scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); | |
- scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); | |
+ // scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); | |
+ // scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0); | |
// Default CipherSuite | |
// scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0); | |
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs | |
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs 2015-03-06 15:27:19.890562158 +0000 | |
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs 2015-03-06 15:27:39.106561719 +0000 | |
@@ -160,13 +160,6 @@ | |
return new TlsServerCertificate(this.context, buffer); | |
// Optional | |
- case HandshakeType.ServerKeyExchange: | |
- // only for RSA_EXPORT | |
- if (last == HandshakeType.Certificate && context.Current.Cipher.IsExportable) | |
- return new TlsServerKeyExchange(this.context, buffer); | |
- break; | |
- | |
- // Optional | |
case HandshakeType.CertificateRequest: | |
if (last == HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate) | |
return new TlsServerCertificateRequest(this.context, buffer); | |
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs | |
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs 2009-09-25 15:59:06.000000000 +0100 | |
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs 2015-03-06 15:27:39.106561719 +0000 | |
@@ -190,59 +190,15 @@ | |
this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize); | |
this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize); | |
- if (!this.IsExportable) | |
+ if (this.IvSize != 0) | |
{ | |
- if (this.IvSize != 0) | |
- { | |
- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize); | |
- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize); | |
- } | |
- else | |
- { | |
- this.Context.ClientWriteIV = CipherSuite.EmptyArray; | |
- this.Context.ServerWriteIV = CipherSuite.EmptyArray; | |
- } | |
+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize); | |
+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize); | |
} | |
else | |
{ | |
- HashAlgorithm md5 = MD5.Create(); | |
- | |
- int keySize = (md5.HashSize >> 3); //in bytes not bits | |
- byte[] temp = new byte [keySize]; | |
- | |
- // Generate final write keys | |
- md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0); | |
- md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length); | |
- byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize]; | |
- Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize); | |
- | |
- md5.Initialize(); | |
- md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0); | |
- md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length); | |
- byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize]; | |
- Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize); | |
- | |
- this.Context.ClientWriteKey = finalClientWriteKey; | |
- this.Context.ServerWriteKey = finalServerWriteKey; | |
- | |
- // Generate IV keys | |
- if (this.IvSize > 0) | |
- { | |
- md5.Initialize(); | |
- temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length); | |
- this.Context.ClientWriteIV = new byte[this.IvSize]; | |
- Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize); | |
- | |
- md5.Initialize(); | |
- temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length); | |
- this.Context.ServerWriteIV = new byte[this.IvSize]; | |
- Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize); | |
- } | |
- else | |
- { | |
- this.Context.ClientWriteIV = CipherSuite.EmptyArray; | |
- this.Context.ServerWriteIV = CipherSuite.EmptyArray; | |
- } | |
+ this.Context.ClientWriteIV = CipherSuite.EmptyArray; | |
+ this.Context.ServerWriteIV = CipherSuite.EmptyArray; | |
} | |
DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray()); | |
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs | |
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs 2010-03-11 06:13:16.000000000 +0000 | |
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs 2015-03-06 15:31:14.758556786 +0000 | |
@@ -230,19 +230,11 @@ | |
// Send ServerCertificate message | |
this.protocol.SendRecord(HandshakeType.Certificate); | |
- // If the negotiated cipher is a KeyEx cipher send ServerKeyExchange | |
- if (this.context.Negotiating.Cipher.IsExportable) | |
- { | |
- this.protocol.SendRecord(HandshakeType.ServerKeyExchange); | |
- } | |
- | |
bool certRequested = false; | |
- // If the negotiated cipher is a KeyEx cipher or | |
- // the client certificate is required send the CertificateRequest message | |
- if (this.context.Negotiating.Cipher.IsExportable || | |
- ((ServerContext)this.context).ClientCertificateRequired || | |
- ((ServerContext)this.context).RequestClientCertificate) | |
+ // If the client certificate is required send the CertificateRequest message | |
+ if (((ServerContext)this.context).ClientCertificateRequired || | |
+ ((ServerContext)this.context).RequestClientCertificate) | |
{ | |
this.protocol.SendRecord(HandshakeType.CertificateRequest); | |
certRequested = true; | |
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs | |
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs 2009-09-25 15:59:06.000000000 +0100 | |
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs 2015-03-06 15:27:39.106561719 +0000 | |
@@ -118,45 +118,15 @@ | |
this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize); | |
this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize); | |
- if (!this.IsExportable) | |
+ if (this.IvSize != 0) | |
{ | |
- if (this.IvSize != 0) | |
- { | |
- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize); | |
- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize); | |
- } | |
- else | |
- { | |
- this.Context.ClientWriteIV = CipherSuite.EmptyArray; | |
- this.Context.ServerWriteIV = CipherSuite.EmptyArray; | |
- } | |
+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize); | |
+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize); | |
} | |
else | |
{ | |
- // Generate final write keys | |
- byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize); | |
- byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize); | |
- | |
- this.Context.ClientWriteKey = finalClientWriteKey; | |
- this.Context.ServerWriteKey = finalServerWriteKey; | |
- | |
- if (this.IvSize > 0) | |
- { | |
- // Generate IV block | |
- byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2); | |
- | |
- // Generate IV keys | |
- this.Context.ClientWriteIV = new byte[this.IvSize]; | |
- Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length); | |
- | |
- this.Context.ServerWriteIV = new byte[this.IvSize]; | |
- Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length); | |
- } | |
- else | |
- { | |
- this.Context.ClientWriteIV = CipherSuite.EmptyArray; | |
- this.Context.ServerWriteIV = CipherSuite.EmptyArray; | |
- } | |
+ this.Context.ClientWriteIV = CipherSuite.EmptyArray; | |
+ this.Context.ServerWriteIV = CipherSuite.EmptyArray; | |
} | |
DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray()); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment